From 0387da273779bd16bba74da4ac4384cbe78ca484 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen
Date: Sat, 6 Jul 2024 12:12:02 +0200
Subject: Also include originating IP address and timestamp in creds list.
---
 src/process-request.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/process-request.php b/src/process-request.php
index bbc1e4b..d0af0b5 100644
--- a/src/process-request.php
+++ b/src/process-request.php
@@ -7,11 +7,11 @@ use VolseNet\Webtrap\XmlRpcMethod;
-function save_credentials(string $user, string $pass): void
+function save_credentials(string $ts, string $addr, string $user, string $pass): void
 {
 $file_name = dirname(__DIR__) . '/payloads/credentials.txt';
 $file = new SplFileObject($file_name, 'a');
- $file->fwrite("{$user}: {$pass}\n");
+ $file->fwrite("{$ts}|{$addr}|{$user}|{$pass}\n");
 }
 $data = [
@@ -31,7 +31,7 @@ $data = [
 if (preg_match('/xmlrpc\.php/i', $data['REQUEST_URI']) && $data['REQUEST_METHOD'] === 'POST') {
 $method = XmlRpcMethod::parse($data['BODY']);
 if ($method->name === 'wp.getUsersBlogs') {
- save_credentials($method->params[0], $method->params[1]);
+ save_credentials($data['REQUEST_TIME'], $data['REMOTE_ADDR'], $method->params[0], $method->params[1]);
 error_log("Trapped XML-RPC request: saved credentials");
 header("HTTP/1.1 404 Not Found");
-- 
cgit v1.2.3
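Review bot: In `save_credentials`, the new `fwrite` line joins `$user` and `$pass` with `|` and a trailing newline without encoding them, and both values are taken from the request body. A submitted value that contains `|` or a line break would shift the fields or start what looks like a separate record, so the newly added address and timestamp columns cannot be relied on when the file is parsed later. Writing one encoded record per line avoids the ambiguity, for example `$file->fwrite(json_encode([$ts, $addr, $user, $pass], JSON_INVALID_UTF8_SUBSTITUTE) . "\n");`.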
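Review bot: The changed `save_credentials(...)` call passes `$method->params[0]` and `$method->params[1]` to parameters declared `string` without checking that they exist or are strings. What `XmlRpcMethod::parse` returns is not visible here, but XML-RPC parameters can be missing or of another type, so a malformed call could raise a warning or a TypeError before the 404 response is sent. The same may apply to `$data['REQUEST_TIME']` if it is the integer from `$_SERVER` and the file declares strict types; the `$data` definition lies outside the hunk. A guard such as `if (is_string($method->params[0] ?? null) && is_string($method->params[1] ?? null))` plus an explicit `(string)` cast on the timestamp would cover both. The enclosing `if` block continues past the end of the hunk.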